Default automation stitches
The following default automation stitches are included in FortiOS:
- Compromised Host Quarantine
- Incoming Webhook Quarantine
- HA Failover
- Network Down
- Reboot
- FortiAnalyzer Connection Down
- License Expired Notification
- Security Rating Notification
To view and edit the automation stitches in the GUI, go to Security Fabric > Automation.
CLI configurations
Compromised Host Quarantine
config system automation-action edit "Quarantine on FortiSwitch + FortiAP" set description "Default automation action configuration for quarantining a MAC address on FortiSwitches and FortiAPs." set action-type quarantine next edit "Quarantine FortiClient EMS Endpoint" set description "Default automation action configuration for quarantining a FortiClient EMS endpoint device." set action-type quarantine-forticlient next end
config system automation-trigger edit "Compromised Host - High" set description "Default automation trigger configuration for when a high severity compromised host is detected." next end
config system automation-stitch edit "Compromised Host Quarantine" set description "Default automation stitch to quarantine a high severity compromised host on FortiAPs, FortiSwitches, and FortiClient EMS." set status disable set trigger "Compromised Host - High" config actions edit 1 set action "Quarantine on FortiSwitch + FortiAP"